Found in: #121
Problem
weasyprint was changed from >=67.0 to ==67.0 in [project.dependencies]. An exact pin in a library's production dependencies prevents users from:
- Receiving bug fixes and security patches (e.g. CVE-2025-68616 fixed in 68.0)
- Using other packages that may require a different weasyprint version
WeasyPrint 68.0 does have breaking changes (deprecated default_url_fetcher, changed redirect handling), so a constraint is justified.
Action needed
Either:
- Document the specific reason for the hard pin, or
- Relax to a bounded range like >=67.0,<69 which avoids the 68.0 breakage while being less restrictive